CVE Catalog

CVE-2026-54311

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode.

Risk Assessment

Due to the caching of the sandbox context, prototype mutations introduced by one user can affect SQL query executions in other workflows, allowing a low-privileged attacker to intercept workflow data processed by other users.

Recommendation

It is recommended to update n8n to versions 2.25.7 or 2.26.2 to mitigate this vulnerability. Additionally, user permissions for creating and executing workflows containing the Merge node in SQL Query mode should be restricted.

Original NVD description (English source)

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow persist into subsequent Merge SQL executions belonging to other users or projects. This allowed a low-privileged attacker to intercept workflow data processed by other users on the same instance. This issue only affects multi-user n8n instances where more than one user has permission to create and execute workflows containing the Merge node in SQL Query mode. This vulnerability is fixed in 2.25.7 and 2.26.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS